Crypto U12, SSL

Mind Map by jjanesko, updated more than 1 year ago
Created by jjanesko about 8 years ago

Description

IYM002 (Unit 12 - Crypto Systems) Mind Map on Crypto U12, SSL, created by jjanesko on 04/28/2013.

Resource summary

Crypto U12, SSL
1 background
1.1 sits on top of TCP
1.1.1 roughly equivalent to TLS
1.2 created by IETF
1.2.1 Internet Engineering Task Force
2 design
2.1 designed for open environments where entities do not have a security association
2.1.1 security association: having some relationship where communicating entities have agreed or exchanged security related info or cryptographic keys
2.2 security requirements
2.2.1 confidentiality
2.2.2 data origin authentication
2.2.3 entity authentication
2.3 can provide 2 types of authentication
2.3.1 client only
2.3.2 mutual entity
2.4 minimizes public key operations
2.5 decryption of public key message is placed at the server and saves work for the client
3 cryptographic primitives: uses hybrid encryption
3.1 public key cryptography
3.1.1 enables symmetric key establishment
3.2 digital signatures
3.2.1 sign certificates and facilitate entity authentication
3.3 MACs
3.3.1 used to provide data origin authentication and entity authentication
3.4 hash functions
3.4.1 part of MACs, digital signatures, key derivation
4 algorithms used
4.1 Flexible standard. Supports many different algorithms and key lengths.
4.1.1 during exchange, entities agree upon a "cipher suite"
4.1.1.1 cipher suite - collection of algorithms that communicating entities agree upon
4.2 common
4.2.1 AES in CBC mode
4.2.2 HMAC using SHA-256
4.2.3 digital signature algorithms
4.2.3.1 RSA
4.2.3.2 DSA
5 protocols used
5.1 handshake
5.1.1 establish agreements appropriate to secure communication
5.1.1.1 agree upon cipher suite
5.1.1.2 establish entity authentication
5.1.1.3 establish keys for secure channel
5.1.2 sometimes mutual entity authentication is needed in closed systems. basic handshake protocol does not provide this.
5.1.2.1 so, a "modified handshake protocol" can be used
5.2 record
5.2.1 implements secure channel
6 security issues
6.1 will not work if there are process failures
6.1.1 ex: client does not perform PKCS checks
6.2 implementation failures
6.2.1 relies on many cryptographic primitives
6.3 key management failures
6.4 usage failures
6.4.1 security features are overestimated, giving a false sense of security
7 key management
7.1 generation
7.1.1 asymmetric keys
7.1.1.1 through PKMS
7.1.2 symmetric keys
7.1.2.1 derived from master secret
7.1.2.2 lightweight
7.1.2.3 allows many keys to be generated
7.1.2.4 reliant on client's ability to generate a random pre-master secret
7.2 establishment
7.2.1 pre-master key shared through public key encryption
7.3 storage
7.3.1 private keys must be stored in safe place
7.3.2 very sensitive, but short-lived
7.4 usage
7.4.1 key separation enforced
7.4.2 separate keys for client-to-server and server-to-client communication
7.4.2.1 prevents reflection attacks